c90c7a7d97
feat(sbom): add Terraform .terraform.lock.hcl parser; ingest railiance repos
...
- ingest_sbom.py: parse .terraform.lock.hcl provider blocks (name, version);
ecosystem stored as 'other' until terraform added to DB ENUM
- Registered railiance-bootstrap + railiance-hosts under railiance domain
- railiance-hosts ingested: 2 Terraform providers (hashicorp/template 2.2.0,
hetznercloud/hcloud 1.52.0)
- railiance-bootstrap: no lockfile (pure Ansible/shell — noted in convention)
- sbom-convention_v0.1.md: add Terraform + Ansible rows to lockfile table;
update registered repos status table
Total SBOM: 422 packages across 2 repos (custodian + railiance-hosts)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-03-01 18:07:56 +01:00
1c3c6ef27d
feat(sbom): scan mode, domain grouping dashboard, SBOM convention doc
...
- ingest_sbom.py: add --scan flag (recursive lockfile discovery) +
--lockfile repeatable for explicit multi-file ingestion; skip
.venv/node_modules/.git/dist/etc; Makefile gains SCAN= and REPO_PATH= vars
- sbom.md: add /domains/ fetch; domain-level summary table; per-repo
accordion with details/summary; domain filter on package table; dual-
licence false-positive note; +1 KPI card (Domains Covered)
- canon/standards/sbom-convention_v0.1.md: authoritative lockfile table,
ingest workflow (single/scan/explicit), snapshot semantics, direct-vs-
transitive caveats, licence governance + copyleft escalation, update
cadence, multi-repo domain pattern, planned enhancements
First ingest: the-custodian — 420 pkgs (88 python + 332 node), 13 licence
groups, 1 copyleft flag (jszip dual-licensed MIT OR GPL-3.0-or-later)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-03-01 16:15:40 +01:00
0d978b1417
feat(canon): add contribution-convention v0.1, contrib/ templates, and first UPR artifact
...
- canon/standards/contribution-convention_v0.1.md: master spec for BR/FR/EP/UPR
artifact types, directory layout, frontmatter schema, ID schemes (EP-DOMAIN-NNN
for extension points), status lifecycle, and relationship to State Hub
- canon/standards/contrib-templates/: four template files (br, fr, ep, upr)
- contrib/upstream-prs/2026-02-26--observablehq--framework--toc-sidebar-inject.md:
first real UPR artifact — proposes injectTocTop() to Observable Framework
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-02-28 17:28:13 +01:00